gh-daily-timeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The script calls the GitHub API (e.g., gh api /users/{username}/events and /repos/{repo}/compare/{before}...{head}) and reads commit messages, issue titles/comments and other user-generated event data from GitHub, which is untrusted third-party content that the agent directly parses and displays.